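# Deployment description for the fs0 GlusterFS nodes: one attribute per host,
# each carrying a `deployment.targetHost` (the shape NixOps-style tools consume).
#
# `import` needs a path argument; `<nixpkgs>` is resolved through NIX_PATH, so
# the package set depends on the machine that evaluates this file. Pin nixpkgs
# if deployments have to be reproducible.
with import <nixpkgs> {};

let
  # Project-local helpers: PKI utilities and the per-node certificate set.
  pki = pkgs.callPackage ../lib/pki.nix {};
  certs = pkgs.callPackage ./certs.nix {};

  # Static name resolution shared by every node (ends up in /etc/hosts via
  # networking.extraHosts). fs0-2 is listed here but has no node definition
  # in the attribute set at the bottom of this file.
  clusterHosts = ''
    10.253.18.106 fs0-0 fs0-0.local
    10.1.2.164 fs0-1 fs0-1.local
    10.253.18.100 fs0-2 fs0-2.local
  '';

  # Base NixOS module common to all nodes. `node` is the host name; it also
  # selects the entry in `certs` and the hardware-configuration file.
  nixosConfig = node:
    let
      cert = pki.toSet certs.${node};
    in {
      imports = [
        (../nixos/hardware-configuration + "/${node}.nix")
        ../nixos/configuration.nix
      ];

      # Device-mapper modules; presumably for LVM snapshot/thin-pool backed
      # bricks (lvm2 is installed below) - confirm.
      boot.kernelModules = [ "dm_snapshot" "dm_mirror" "dm_thin_pool" ];

      networking = {
        hostName = node;
        extraHosts = clusterHosts;

        # None of these rules is limited by source address: the ports are
        # open to every peer that can reach the host.
        # NOTE(review): 5000-50000/tcp is a very wide range. Upstream GlusterFS
        # documentation lists 24007-24008 for management plus one port per
        # brick (49152 upward in current releases); confirm against the
        # deployed version and narrow the range to what is actually used.
        firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];
        # 111 is rpcbind/portmapper.
        firewall.allowedTCPPorts = [ 111 ];
        firewall.allowedUDPPorts = [ 111 24007 24008 ];
      };

      services.glusterfs = {
        enable = true;
        # TLS material comes from the project PKI.
        # NOTE(review): if `cert.key` evaluates to a path inside the Nix store,
        # the private key is readable by every local user (the store is
        # world-readable) and travels with the closure. Confirm that
        # ../lib/pki.nix yields a runtime path outside the store.
        tlsSettings = {
          caCert = pki.ca.cert;
          tlsKeyPath = cert.key;
          tlsPem = cert.cert;
        };
      };

      environment.systemPackages = [ pkgs.lvm2 ];
    };
in {
  # fs0-0: Gluster node that additionally serves an NFS export.
  fs0-0 = { ... }:
    let
      base = nixosConfig "fs0-0";
    in {
      deployment.targetHost = "10.253.18.106";
      require = [ base ];

      services.nfs.server = {
        enable = true;
        # Export options with security impact:
        #   insecure       - accepts requests from unprivileged source ports
        #                    (above 1023), so any local user on a client can
        #                    speak NFS to this server.
        #   no_root_squash - uid 0 on a client is uid 0 on the export.
        # Together they give root on any host in 10.253.18.0/24 root access to
        # /vol/brick0/nfs0. NOTE(review): confirm both are required; the
        # defaults (secure, root_squash) apply when they are omitted.
        # fsid=0 makes this the NFSv4 pseudo-root.
        exports = ''
          /vol/brick0/nfs0 10.253.18.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
        '';
      };

      # rpcbind (111) and NFS (2049). The firewall opens them to all sources;
      # only the export's client list above restricts who may mount.
      networking.firewall.allowedTCPPorts = [ 111 2049 ];
      networking.firewall.allowedUDPPorts = [ 111 2049 ];
    };

  # fs0-1: plain Gluster node. Its address is outside 10.253.18.0/24, so it
  # is not covered by the NFS export's client list on fs0-0.
  fs0-1 = { ... }:
    let
      base = nixosConfig "fs0-1";
    in {
      deployment.targetHost = "10.1.2.164";
      require = [ base ];
    };
}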